Wireless Mesh Networks, The NSA, And Re-building The Internet

from the exploring-all-the-avenues dept

One of the bitter lessons we learned from Snowden's leaks is that the Internet has been compromised by the NSA (with some help from GCHQ) at just about every level, from our personal software and hardware, through ISPs to major online services. That has prompted some in the Internet engineering community to begin thinking about how to put back as much of the lost security as possible. But even if that's feasible, it's clearly going to take many years to make major changes to something as big and complex as the Net.

However, there's an alternative approach to digital connectivity that has been around for a while, and that's already being used around the world. Wireless meshes allow ad-hoc networks to be set up independently of the Internet's main wiring by hooking together a local collection of suitable devices. Mesh networks can be thrown up and torn down quickly; devices can join and leave them dynamically; and they can recover from breaks in the wireless links by setting up alternative paths. They can either be run as local area networks, disconnected from the Internet, or hooked into it, allowing single or multiple links to be shared by the entire mesh.

The Open Technology Institute formulates policy and regulatory reforms to support open architectures and open source innovations and facilitates the development and implementation of open technologies and communications networks. OTI promotes affordable, universal, and ubiquitous communications networks through partnerships with communities, researchers, industry, and public interest groups and is committed to maximizing the potentials of innovative open technologies by studying their social and economic impacts – particularly for poor, rural, and other underserved constituencies. OTI provides in-depth, objective research, analysis, and findings for policy decision-makers and the general public.

Open Technology Institute (OTI) announced today that it has completed Beta testing and upgrades of its groundbreaking mesh networking toolkit, and is launching Commotion 1.0 in time for the new year. The launch represents the first full iteration of the technology, which makes it possible for communities to build and own their communications infrastructure using "mesh" networking. In mesh networks, users connect their devices to each other without having to route through traditional major infrastructure.

Commotion 1.0 is an open-source toolkit that provides users software and training materials to adapt mobile phones, computers, and other wireless devices to create decentralized mesh networks so they can connect and share local services. A mesh network can function locally as an Intranet, but when one user connects to the Internet, all users will have access to it as well.

Cannot hide your identity
Does not prevent monitoring of internet traffic
Does not provide strong security against monitoring over the mesh
Can be jammed with radio/data-interference

But it's important to remember that Commotion and the other wireless mesh systems were designed in a more innocent time, before we knew the extent to which we were being spied upon, and how much the basic protocols of the Internet had been compromised. Now that we've learnt about all those things, it would be good to use that knowledge to spur the creation of the next generation of wireless mesh systems with high levels of security and privacy, so that we can add them to our own collection of tools and tricks in the fight to build a surveillance-resistant Net.

Reader Comments

warning label should say

The warning label should say

- will likely expose you to your neighbors and other people on the network
- easily permits man in the middle attacks and data redirection
- has no real security, and you are likely to suffer many brute force attacks from within the network
- Can disappear in an instant when the only node you can see gets turned off

I live in a very, very high density condo project typical of my country, and on average I can see a dozen or more wireless units. Yet, move only 100 meters or so away, and the connections pretty much disappear, and you are relying on 4G / LTE connections - which most people will NOT share.

Quite simply, even in high density living, there is no assurance of a quality wi-fi signal indoors from any other source than your own unit, and thus, it just doesn't work well with current technology.

Yes, some people will put antennas on their house and set up beams and all that, but that only goes to prove that the mesh is so fine that it is easily broken. One guy moves and shuts down his node and a whole group of people could lose connectivity. Not exactly prime, is it?

Mesh networks have limits. The issue is there are companies behind the infrastructure and they are usually huge and pretty much don't know competition. This will have to be addressed before anything else. Sure the internet is decentralized and stuff but the underlying structure management is pretty much the opposite.

Re:

I still have mine. Haven't turned it back on since I shut it down in 1995, but it should still be usable. I continually resist the urge to turn it on just to walk down memory lane.

The only problem is that there wasn't much security on the BBS since the phone lines were run by AT&T and were point-to-point (hence, NSA already could get them), and there was little, if any, encryption used on the connection.

Re: Re:

I've been wondering about that myself. Encrypted terminal software probably wouldn't be that hard to get running.

In the long run though, I'd also like to see custom modem modulations being used on point to point connections. The idea of being able to negotiate a dynamic 8FSK toneset or something during the handshake at the very least would be interesting.

There's really no easy way to avoid mass intercept - either on a public network or a mesh network as some other commenters have pointed out. I think that's the simplest way to get it done in the short term, though. Particularly if it's true that the machines responsible for monitoring are just made for automatically transcribing voice.

There's plenty more things than voice you can stuff down a phone line.

Wireless meshes are impractical to implement and easily broken into by the spooks as well. Keep in mind one of the recent revelations about the only part of government that actually listens to the people (the NSA) is that they can eavesdrop on a standard consumer wireless router from eight miles away. That makes any wireless mesh a house of cards that falls fairly easily.

Re:

There is nothing impractical about them, if people are willing to participate. Also while they are not resistant to an attack on an individual node, they are resistant to bulk data collection when they become large scale. The ability to listen to a WIFI node from miles away only applies in rural areas. In a city the range drops to a few buildings, depending on the density of WIFI nodes. When a node is surrounded by other nodes using the same frequencies, it is hidden by those nodes. To monitor all WIFI nodes in a city could become a case of a monitoring station for every large building, or, with low density housing, every hundred or so houses. This adds up to an enormous infrastructure cost, as it requires monitoring nodes, and the communications infrastructure to feed the data back to the spy agency.

Use of mesh networks would be a step to protecting the population in general from blanket surveillance. It would not stop targeted surveillance, but along with encryption, make blanket surveillance too expensive to carry out.

I think it's still very early days for meshnets, though, and we'll probably need about a decade for the technology to catch up. When everyone will have Wi-Fi that can do 10 Gbps for ranges of at least half a mile (or a mile, preferably), then we're talking! It should also get easier for individuals to launch their own Wi-Fi balloons, the way Google is doing in Africa.

The issue is that while the Wi-Fi Alliance may be interested in 10 Gbps Wi-Fi, I don't think they are interested in long range Wi-Fi, at all. They've recently seemed to have gone backwards and are starting to support very short range 60 GHz WiGig Wi-Fi, which does 7 Gbps, but is kind of useless for meshnets due to its short range and inability to go through walls.

So we need to pressure the Wi-Fi Alliance to give us mile-long Wi-Fi protocols with at least 1Gbps throughput, as the next protocol after 802.11ac.

The only alternative for miles-long Wi-Fi right now is White Spaces wireless, but that's a centralized thing, and I doubt it can be very censorship resistant. It's more of a helping rural areas get Internet sort of thing, and mainly from bigger companies, not individuals.

Re:

All that is needed is for manufacturers to start selling boxes that autoconnect to the mesh network and where the only settings are whether you want to share your internet connection and how much of it you want to share.

Everything could be completely anonymous with nothing more than a MAC address used for identification, or even a mesh network unique code used for anonymity.

A box that could do this would be super effective and fast in creating a mesh network all over the world.

Yes, the basic internet infrastructure would be used for internet activity, but eventually I can see boxes being produced that allowed everyone to host their own website free of charge.

Just imagine, you go and buy a box for $100 and install a hard drive of your own. You then have whatever the size the hard drive is space to use for a website or websites.

Yes this would need to be created as a standard first so all manufacturers could build on it, but in the end with a little thought the internet could become completely free and the only basic structure needed would be between countries with huge distances between them like the US to the EU.

Re:

They've recently seemed to have gone backwards and are starting to support very short range 60 GHz WiGig Wi-Fi, which does 7 Gbps, but is kind of useless for meshnets due to its short range and inability to go through walls.

There is a good reason for that, too much interference with longer range technologies in high density housing areas. Mesh networks work best at medium density, where nodes are close enough to see several others, but not so far apart that no other node is visible, or so close together that they interfere with each other because there are no clear channels.

That said, the current problems with the Internet are due to the way that the connections are provided. In the western world at least, this is by asymmetric broadband, so that the only reasonable approach to a private server or site is to get it hosted at a data warehouse, server farm, or blogging host etc. That is, let someone else have at least physical control, or provide the software for private servers, and feed all the connections through choke points that are easy to intercept.

The biggest advantage of meshnets is that they can't be "shut down". Nobody can just "pull the plug", to let people in the dark. But that's the "worst of the worst" situations - revolution type situations.

Until meshnets become a reality, there are quite a few projects inspired by Bitcoin that are trying to build secure and decentralized networks on top of the insecure Internet.